Is Yog-Sotho/LLM-fine-tuner safe?

https://github.com/Yog-Sotho/LLM-fine-tuner

83
SAFE

This is a legitimate LLM fine-tuning tool built with Gradio that provides educational and research capabilities for model customization. However, the v2.4 version includes concerning 'Heretic Mode' functionality that attempts to remove model safety restrictions through subprocess execution.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 65/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

HIGH Heretic Mode Subprocess Execution -35

The v2.4 version includes a 'Heretic Mode' that executes an external command via subprocess.run() to remove restrictions from fine-tuned models. This functionality is designed to bypass model safety measures.

MEDIUM Model Upload Capability -5

The tool includes functionality to upload trained models to HuggingFace Hub, which could be used for unauthorized model sharing, though it requires explicit user token input.

MEDIUM Potential for Misuse -25

While legitimate for research and educational purposes, the 'Heretic Mode' functionality could be misused to create uncensored models that bypass important safety guardrails.